What is CVE-2014-8636?

CVE-2014-8636 is a vulnerability in Mozilla Firefox, classified under Code Injection. Published 2015-01-14.

Is CVE-2014-8636 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Mozilla Firefox

CVE-2014-8636

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chro…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.836 (99.3th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox
Mozilla Seamonkey
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

security@mozilla.org (x_refsource_MISC)
62242 (x_refsource_SECUNIA, third-party-advisory)
security@mozilla.org (x_refsource_MISC)
72041 (vdb-entry, x_refsource_BID)
1031533 (vdb-entry, x_refsource_SECTRACK)
openSUSE-SU-2015:0192 (vendor-advisory, x_refsource_SUSE)
security@mozilla.org (x_refsource_CONFIRM)
firefox-cve20148636-sec-bypass(99964) (vdb-entry, x_refsource_XF)
62250 (x_refsource_SECUNIA, third-party-advisory)
SUSE-SU-2015:0173 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2014-8636?: CVE-2014-8636 is a vulnerability in Mozilla Firefox, classified under Code Injection. Published 2015-01-14.
Is CVE-2014-8636 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.